Commit a62dc11a authored by Aleksandr Soborov's avatar Aleksandr Soborov Committed by Walmyr Lima e Silva Filho

Added E2E tests for SAST reports

Additionally updated fixture to provide SAST report
parent 96313e86
...@@ -24,3 +24,13 @@ container_scanning: ...@@ -24,3 +24,13 @@ container_scanning:
artifacts: artifacts:
reports: reports:
container_scanning: gl-container-scanning-report.json container_scanning: gl-container-scanning-report.json
sast:
tags:
- qa
- test
script:
- echo "Skipped"
artifacts:
reports:
sast: gl-sast-report.json
This diff is collapsed.
...@@ -5,7 +5,7 @@ require 'pathname' ...@@ -5,7 +5,7 @@ require 'pathname'
module QA module QA
context 'Secure', :docker do context 'Secure', :docker do
describe 'Security Reports in a Merge Request' do describe 'Security Reports in a Merge Request' do
let(:total_vuln_count) { 12 } let(:total_vuln_count) { 45 }
after do after do
Service::Runner.new(@executor).remove! Service::Runner.new(@executor).remove!
......
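Review bot: The new `total_vuln_count` of 45 is a bare literal with nothing on the line saying where it comes from. It looks like the previous 12 plus the 33 SAST findings that the sibling spec declares as `sast_scan_vuln_count`, but that is inferred from the numbers, not stated anywhere in the change. A one-line comment above the `let`, such as `# 12 existing findings + 33 from the SAST fixture report`, would let the next fixture change be checked against the report instead of guessed. The `describe` block continues outside this hunk.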
...@@ -10,6 +10,8 @@ module QA ...@@ -10,6 +10,8 @@ module QA
let(:dependency_scan_example_vuln) { 'jQuery before 3.4.0' } let(:dependency_scan_example_vuln) { 'jQuery before 3.4.0' }
let(:container_scan_vuln_count) { 8 } let(:container_scan_vuln_count) { 8 }
let(:container_scan_example_vuln) { 'CVE-2017-18269 in glibc' } let(:container_scan_example_vuln) { 'CVE-2017-18269 in glibc' }
let(:sast_scan_vuln_count) { 33 }
let(:sast_scan_example_vuln) { 'Cipher with no integrity' }
describe 'Security Reports' do describe 'Security Reports' do
after do after do
...@@ -64,6 +66,11 @@ module QA ...@@ -64,6 +66,11 @@ module QA
expect(pipeline).to have_vulnerability_count_of container_scan_vuln_count expect(pipeline).to have_vulnerability_count_of container_scan_vuln_count
expect(pipeline).to have_content container_scan_example_vuln expect(pipeline).to have_content container_scan_example_vuln
end end
filter_report_and_perform(pipeline, "SAST") do
expect(pipeline).to have_vulnerability_count_of sast_scan_vuln_count
expect(pipeline).to have_content sast_scan_example_vuln
end
end end
end end
...@@ -79,6 +86,10 @@ module QA ...@@ -79,6 +86,10 @@ module QA
filter_report_and_perform(dashboard, "Container Scanning") do filter_report_and_perform(dashboard, "Container Scanning") do
expect(dashboard).to have_low_vulnerability_count_of 2 expect(dashboard).to have_low_vulnerability_count_of 2
end end
filter_report_and_perform(dashboard, "SAST") do
expect(dashboard).to have_low_vulnerability_count_of 17
end
end end
end end
...@@ -99,6 +110,10 @@ module QA ...@@ -99,6 +110,10 @@ module QA
filter_report_and_perform(dashboard, "Container Scanning") do filter_report_and_perform(dashboard, "Container Scanning") do
expect(dashboard).to have_content container_scan_example_vuln expect(dashboard).to have_content container_scan_example_vuln
end end
filter_report_and_perform(dashboard, "SAST") do
expect(dashboard).to have_content sast_scan_example_vuln
end
end end
end end
......
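Review bot: The low-severity SAST expectation in the dashboard hunk uses the literal `17`, while the pipeline check for the same report uses the named `sast_scan_vuln_count`. Both numbers presumably come from the fixture's `gl-sast-report.json`, whose diff is collapsed on this page, so a regenerated report would fail here with no pointer back to its source. Consider `let(:sast_scan_low_vuln_count) { 17 }` next to the other SAST `let`s, with a comment naming the fixture file. The enclosing examples start and end outside the hunks.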